Last Updated: January 9, 2020

Introduction

Welcome. You have arrived at a website provided by KROST CPAs (“KROST,” “Company” or “we,” “our” or “us”). We respect your privacy and want to protect your personal information.

This Privacy Policy governs www.krostcpas.com, its subdomains, and all portals, applications, products, services, events, and any interactive features, applications, or other services that post a link to this Privacy Policy (the “Site”). This Privacy Policy also applies to information (including the “Personal Information” defined below) that we may collect from you in person at our physical office locations (each a “Location”), via phone calls or other communications with our personnel or in any other instance when you contact us. We refer to all of the above as our “Services.”

We are required by law to tell you what information we collect from you, why we collect it, how we use it, under what circumstances we may share it with third parties, how we protect that information, and how you may opt-out of the sale of that information. As a preliminary matter, we handle all information you provide us with the utmost confidentiality. Your personal information will only be shared with members of our firm who need to know this information in order for us to provide Services to you. At times, we may need to disclose your personal information to third parties outside the firm who may be assisting us with providing Services to you, as set forth in this Policy. If you have questions about this Privacy Policy, contact us at [email protected].

Please note that if you voluntarily provide your information in the course of interacting with our Site, visiting our Locations, or otherwise using our Services, we will take that as your agreement to our collection, use, and disclosure of your information as set forth in this Privacy Policy. This Privacy Policy is incorporated into our Terms of Use which governs your use of this Site and is expressly made part of your Client Engagement Letter when you hire us.

By using our Site, contacting us to inquire about our Services, or visiting our Locations, you consent to our Privacy Policy and agree to our Terms of Use.

This Privacy Policy does not apply to any products, services, websites, or content that are offered by third parties (“Third Party Services”), which are governed by their respective privacy policies.

Table of Contents
What Information We Collect and Sources of Information
Why We Collect Information
When We Disclose Information
Ads and Information About You
Your Choices About the Information We Collect
Children’s Privacy
Do Not Track Disclosures
Visitors to the Site Outside of the United States
Updating Personal Information
Links
Security
Your Data Protection Rights Under the General Data Protection Regulation (GDPR)
Your California Privacy Rights (Rights Under the California Consumer Privacy Act (CCPA))
Your Nevada Privacy Rights
Questions/Changes in Privacy Policy


What Information We Collect

(a) Information You Provide to Us

In connection with the Services we provide, we may ask you to provide us with certain information, including

(i) your first and last name, email address, home or business address, telephone number, mobile number, username, driver’s license, social security number, passport number, bank account number, credit card or debit card number, other financial information, your birth date, your payment and/or service history, marital status, current or past job information, educational information (such as student financial information);
(ii) other information that could reasonably be used to identify you personally or identify your household or device ((i) and (ii) are collectively referred to hereinafter as “Personal Information”); and/or
(iii) demographic information, such as your country, state, or county of residence or business operation (“Demographic Information”).

Your decision to provide us with information is voluntary, but if you choose not to provide any requested information, you may not be able to take advantage of all of the Site’s features or our Services.

We use that information to allow you to access the Site and our Services, prepare your personal and/or corporate income tax returns, and also provide various tax and financial planning services to you at your request.

(b) General Browsing

In addition to information that you choose to submit to us, we and/or our service providers may automatically collect and/or store certain information when you visit or interact with the Site (“Usage Information”). This Usage Information may be stored and/or accessed from your personal computer, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Site(s). Usage Information may include:

• Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier (“Device Identifier”);
• Your Device functionality (including browser, browser language, operating system, hardware, mobile network information);
• Referring and exit web pages and URLs;
• The areas within our Site that you visit and your activities there, including remembering you and your preferences;
• Your Device location or other geolocation information, including the zip code, state or country from which you accessed the Services;
• Your Device characteristics; and
• Certain other Device data, including the time of day you visit our Site.

For location information, we may use this information to provide customized Services, content, promotional offers, and other information that may be of interest to you.

If you no longer wish for us or our service providers to collect and use location information, you may disable the location features on your device. Consult your device manufacturer settings for instructions. Please note that if you disable such features, your ability to access certain features, Services, content, promotions, or products may be limited or disabled.

(c) Use of Cookies and Other Tracking Technologies

We may use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site), include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):

Cookies. A cookie is a file placed on a Device to uniquely identify your browser or to store information on your Device. Our Site may use HTTP cookies, HTML5 cookies, Flash cookies and other types of cookie technology to store information on local storage.
Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages.
Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on.
ETag, or entity tag. An Etag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user).

We may use Tracking Technologies for a variety of purposes, including:

• To allow you to use and access the Site, including for the prevention of fraudulent activity and improved security functionality;
• To assess the performance of the Site, including as part of our analytic practices or otherwise to improve the content, products or services offered through the Site;
• To offer you enhanced functionality when accessing the Site, including identifying you when you sign into our Site or keeping track of your specified preferences or to track your online activities over time and across third-party sites; and
• To deliver content relevant to your interests on our Site and third-party sites based on how you interact with our content.

You can get more information about Cookies and Tracking Technologies, and instructions on how to opt-out of cookies and certain tracking technologies, in our “Ads and Information About You” section below and in our Cookie Policy.

(d) Sources of Personal Information

Additionally, we may obtain Personal Information from you where you expressly provide us with the information. Examples of sources from which we collect information include:

• interviews and phone calls with you,
• letters or e-mails from you,
• information provided via web forms or inputs/uploads into our Site(s),
• information provided via any web portal,
• documents you have provided to us,
• employment applications,
• tax return or financial planning organizers, and/or
• financial history questionnaires.

(e) Information We Collect When You Interact with Third-Party Sites

The Site may include functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. The use of this functionality may involve the third-party site providing information to us. For example, we may provide links on the Site to facilitate sending a communication from the Site or we may use third parties to facilitate emails or postings to social media (like a “Share” or “Forward” button). These third parties may retain any information used or provided in any such communications or activities and these third parties’ practices are not subject to our Privacy Policy. We may not control or have access to your communications through these third parties. Further, when you use third-party sites or services, you are using their services and not our services and they, not we, are responsible for their practices. You should read the applicable third-party privacy policies before using such third-party tools on our Site. Please also see our Terms of Use for further information.

(f) Information from Third Parties.
In addition, we may collect information about you from other sources, including consumer credit reporting agencies and state or federal agencies. We may also obtain information about you from marketers and market research firms. We may combine the information we collect from third parties with information that we have collected from you or through your use of the Services.


Why We Collect Information

We may use your information for various purposes, including:

• Responding to your requests for information;
• Providing professional services to you:
• Verifying your identity and for fraud prevention;
• Processing your payments;
• Providing you with online tax preparation products, services, calculators, software, and tax preparation information;
• Evaluating your employment application;
• Providing you with updates and information about products and services we provide;
• Sending you marketing information about KROST and our affiliated entities;
• Sending you email communications such as electronic newsletters about our Services and events which may be of interest to you;
• Improving the effectiveness of our Site, our marketing endeavors, and our product and service offerings;
• Identifying your product and service preferences, providing personalized content and ads and informing you of new or additional information, products and services that may be of interest to you;
• Helping us address problems with and improve our Site and our products and services, including testing and creating new products, features, and services;
• Providing mobile marketing messages and other communications and messages;
• Protecting the security and integrity of the Site, including understanding and resolving any technical and security issues reported on our Sites;
• Engaging in analysis, research, and reports regarding the use of our Sites and Services;
• For internal business purposes;
• Complying with the law and protecting the safety, rights, property or security or KROST, the Services, and the general public; and
• For purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Policy.


When We Disclose Information

As a general rule, we do not disclose Personal Information about our current or former clients to anyone. However, to the extent permitted by law and any applicable state Code of Professional Conduct, certain nonpublic information about you may be disclosed in the following situations:

• To comply with a validly issued and enforceable subpoena or summons.
• In the course of a review of our firm’s practices under the authorization of a state or national licensing board, or as necessary to properly respond to an inquiry or complaint from such a licensing board of organization.
• In conjunction with a prospective purchase, sale, or merger of all or part of our practice, provided that we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review.
• As a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.
• To provide information to affiliates of the firm and nonaffiliated third parties who perform services or functions for us in conjunction with our services to you, but only if we have a contractual agreement with the other party which prohibits them from disclosing or using the information other than for the purposes for which it was disclosed. (Examples of such disclosures include using an outside service bureau to process tax returns or engaging a records-retention agency to store prior year records.)

We may aggregate, de-identify, and/or anonymize any information collected through the Site or Services such that such information is no longer linked to your personally identifiable information. We may use and share this aggregated and anonymized information (non-Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.

Finally, we also may share your information, including your Personal Information, with our affiliates and other third parties, such as companies with whom we have marketing or other relationships, for direct marketing purposes. (If you are a California resident, you have the right to request additional information regarding the “sale” of your information. Please see the Section entitled “Your California Privacy Rights” below about these rights.) In addition, we may share the information we have collected about you, including Personal Information, as disclosed at the time you provide your information and as described in this Privacy Policy.


Ads and Information About You

You may see certain ads on our Site because we participate in advertising networks administered by third parties. These networks track your online activities over time and across third-party websites and online services by collecting information through automated means, including through the use of the Tracking Technologies described above, and they use this information to show you advertisements that are tailored to your individual interests. The information they collect includes information about your visits to our Site(s), such as the pages you have viewed. This collection and ad targeting take place both on our Site(s) and on third-party websites that participate in the ad network. This process also helps us track the effectiveness of our communications and marketing efforts. You can find additional information in our Cookie Policy, including ways to opt-out of certain Tracking Technologies.


Your Choices About the Information We Collect

If you would prefer that we not share your name and mailing address with third parties (other than with our affiliates) to receive promotional offers, you have the option to opt-out of such sharing. To do so, please email us at [email protected]. Your choice will not affect our ability to share information in the other ways described in this Privacy Policy.

If you do not wish to receive e-mails about special offers, events, and other promotions from us, email us at [email protected] to opt-out or click the link in the email to “unsubscribe.” If you do not wish to receive other marketing materials by regular mail from us, please write us at:
KROST CPAs
790 E. Colorado Blvd.
Suite 600
Pasadena, CA 91101

Please note that certain of your personal information, such as your name or other identifying information, may remain in our database even after a deletion request in order to maintain the integrity and historical record of our database and systems, or to comply with applicable laws and regulations.


Children’s Privacy

KROST recognizes the importance of children’s safety and privacy. The Site(s) are not designed to attract children and are not intended for use by any children under the age of 13. We do not request, or knowingly collect, any personally identifiable information from children under the age of 13. Minors under the age of 16 (but older than 12) may use the Site(s) only under the supervision of a parent or legal guardian who agrees to be bound by the Site’s Terms of Use. If you are the parent or guardian of a child under 13 who has provided her or his information to us, please contact us at [email protected] to request the deletion of that information.


Do Not Track Disclosures

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug-in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally-agreed upon standard for what a company should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track at https://allaboutdnt.com. (This links to a third-party site not controlled by us.)


Visitors to the Site Outside of the United States

If you are visiting the Site from a location outside of the U.S., your connection will be through and to servers located in the U.S. All information you receive from the Site will be created on servers located in the U.S., and all information you provide will be maintained on web servers and systems located within the U.S. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Site or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information in the United States and in other countries, as set forth in this Privacy Policy.


Updating Personal Information

We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us at [email protected].

If so, we will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable (but we may retain prior information as business records). Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons, such as a legitimate business reason.

In addition, please note that if you implement a deletion request but later sign up for information or Services, your most recent request will control our information relationship with you.


Links
For your convenience, the Site(s) and this Privacy Policy may contain links to other websites. KROST is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Site(s) should be deemed to imply that KROST endorses or has any affiliation with the links. Please see our Terms of Use for more information.


Security

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from our Site, and you provide us with your information at your own risk.


Your Data Protection Rights Under the General Data Protection Regulation (GDPR)

If you are a resident of or located within the European Economic Area (“EEA”), you have certain additional data protection rights. These rights include:

• The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your Personal Information.
• The right of restriction. You have the right to request that we restrict the processing of your personal information.
• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where KROST relied on your consent to process your personal information.

Legal Basis for Processing Personal Information Under GDPR

KROST’s legal basis for collecting and using the Personal Information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect it.

KROST may process your Personal Information because:

• We need to perform a contract with you;
• You have given us permission to do so;
• The processing is in our legitimate interests and it is not overridden by your rights; or
• To comply with the law.

Retention of Information

KROST will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

KROST will also retain Usage Data for internal analysis purposes. Usage Data is data collected automatically either generated by the use of the Site or from the Site infrastructure itself (for example, the duration of a page visit). Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site or we are legally obligated to retain this data for longer periods.

Transfer of Information

Your information, including Personal Information, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Information, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

KROST will take all the steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information, including data processing agreements (“DPAs”) incorporating Standard Contractual Clauses, where necessary.

Disclosure of Personal Information

Disclosure for Law Enforcement – Under certain circumstances, KROST may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

KROST may disclose your Personal Information in the good faith belief that such action is necessary to:

• To comply with a legal obligation
• To protect and defend the rights or property of KROST.
• To prevent or investigate possible wrongdoing in connection with the Service
• To protect the personal safety of users of the Service or the public
• To protect against legal liability

Security of Information

Please note that we may ask you to verify your identity before responding to such requests.

Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first.

For more information, please contact your local data protection authority in the EEA.


Your California Privacy Rights
This Privacy Notice is for California Residents and applies solely to all visitors, users, and others who reside in the State of California (“Consumers”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this Section.

KROST collects certain types of personal information about you during your relationship with KROST as a user, resident, owner, or visitor. In particular, our Site has collected the following categories of Personal Information from its consumers within the last twelve (12) months:

Category Collected
A. Identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). YES
C. Protected classification characteristics under California or federal law YES
D. Commercial information. YES
E. Biometric information. NO
F. Internet or other similar network activity. YES
G. Geolocation data. YES
H. Sensory data. NO
I. Professional or employment-related information. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). YES
K. Inferences drawn from other personal information. YES

For purposes of the CCPA, Personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like:
• health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
• personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Under California law, if you are a resident of California, under certain circumstances, you have the right to request certain information that we collect about you, including:

(1) The categories of Personal Information we have collected from you;
(2) The categories of sources from which we collected the Personal Information;
(3) The business purpose we have for collecting or sharing that Personal Information;
(4) The categories of third parties with whom we share such Personal Information; and
(5) The specific pieces of Personal Information we have collected about you.

In addition, you may request that we provide you with:

(1) The categories of Personal Information that we sold about you, and the categories of third parties to whom the personal information was sold, by category or categories of Personal Information for each category of third parties to whom the information was sold;
(2) The categories of Personal Information that we have disclosed about you for a business purpose;
(3) The category or categories of consumers’ Personal Information that we have sold, or if we have not sold consumers’ Personal Information; and
(4) The category or categories of consumers’ Personal Information that we have disclosed for a business purpose, or if we have not disclosed that information for a business purpose.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information
.
You may make a written request to us to request this information. We may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request twice a year. You may call, email or write us with your request at the contact information below. Please include “California Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a California resident by including a California postal address in your request. We will respond to your request within 45 days or let you know if we need additional time.

Email Address:
[email protected]

Postal Address:
KROST CPAs
790 E. Colorado Blvd.
Suite 600
Pasadena, CA 91101
Attn: California Privacy Rights Administrator

Phone Number:
626-449-4225 or Toll-Free: 877-525-4462


Your Nevada Privacy Rights

If you are a Nevada resident, you have the right to request certain information from us regarding the collection and sale of your personal information (as defined in Nevada Revised Statutes 603A.320) during your visit to our websites or when you otherwise interact with us online. If you have sought or acquired, by purchase or lease, any goods or services for personal, family, or household purposes from the KROST Site, you may ask us to disclose whether we have sold (for monetary consideration) certain information about you (including your first and last name, physical address, email address, telephone number, social security number, an identifier that allows you to be contacted either physically or online, or other contact information that allows us to identify you personally).

As a Nevada resident, you may also request to opt-out of us sharing such information about you. To make this inquiry, please submit a request in writing to [email protected] with “Nevada Privacy Rights” in the subject line. You must include your full name, email address, and attest that you are a Nevada resident by providing a Nevada postal address in your request. Please state whether you are requesting information and/or opting out.

We will process your request within 60 days, or we will let you know if we need additional time. We may require additional information to verify your identity before we can respond.


Questions / Changes in Privacy Policy

If you have questions or concerns with respect to our Privacy Policy, you may contact us at [email protected]. We may elect to change or amend our Privacy Policy; in such event, we will post the policy changes in our Privacy Policy on the Site, and they will become effective on the date posted. If you are concerned about how your personal information is used, please visit our Site often for this and other important announcements and updates.